Hmm, okay. Since the Session Tutorial said that we can use server-side-session management (= No cookies) I thought that this is what I was doing. So I'm wrong here, correct? I don't want any cookies.
And I do have a separate login page.
Ok, you can consider this a follow up to Re^4: Problems with session expiration (there is no session)
no cookies means no session ;
$session->header sends cookies
if you don't want cookies, you can communicate the session id through link rewriting, like "/sessionid/link" or "/link?sessionid" or "/link?id=sessionid"
or through hidden form field ... but then all your links have to be buttons
your code as written doesn't actually do this
A session is just an id associated with a browser, browser communicates sessionid to server via cookie/urlparam/formparam .... server looks up sessionid in database (or wherever) to retrieve data associated with sessionid
is that clearer?
Another alternative to cookies is Digest access authentication which is just another HTTP header (like cookies)
Mojolicious::Plugin::DigestAuth - HTTP Digest Authentication for Mojolicious
Plack::Middleware::Auth::Digest - Digest authentication
Catalyst::Plugin::Session::Manager::Client::Rewrite - handle sessonid with rewriting URL
Catalyst::Plugin::Session::State::URI - Use URIs to pass the session id between requests
Good luck
|